4 * The secure anycast tunneling protocol (satp) defines a protocol used
5 * for communication between any combination of unicast and anycast
6 * tunnel endpoints. It has less protocol overhead than IPSec in Tunnel
7 * mode and allows tunneling of every ETHER TYPE protocol (e.g.
8 * ethernet, ip, arp ...). satp directly includes cryptography and
9 * message authentication based on the methods used by SRTP. It is
10 * intended to deliver a generic, scaleable and secure solution for
11 * tunneling and relaying of packets of any protocol.
14 * Copyright (C) 2007-2014 Markus Grüneis, Othmar Gsenger, Erwin Nindl,
15 * Christian Pointner <satp@wirdorange.org>
17 * This file is part of Anytun.
19 * Anytun is free software: you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation, either version 3 of the License, or
24 * Anytun is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
29 * You should have received a copy of the GNU General Public License
30 * along with Anytun. If not, see <http://www.gnu.org/licenses/>.
32 * In addition, as a special exception, the copyright holders give
33 * permission to link the code of portions of this program with the
34 * OpenSSL library under certain conditions as described in each
35 * individual source file, and distribute linked combinations
37 * You must obey the GNU General Public License in all respects
38 * for all of the code used other than OpenSSL. If you modify
39 * file(s) with this exception, you may extend this exception to your
40 * version of the file(s), but you are not obligated to do so. If you
41 * do not wish to do so, delete this exception statement from your
42 * version. If you delete this exception statement from all source
43 * files in the program, then also delete it here.
46 #ifndef ANYTUN_authAlgo_h_INCLUDED
47 #define ANYTUN_authAlgo_h_INCLUDED
49 #include "datatypes.h"
51 #include "encryptedPacket.h"
55 #if defined(USE_SSL_CRYPTO)
56 #include <openssl/hmac.h>
57 #elif defined(USE_NETTLE)
58 #include <nettle/hmac.h>
59 #else // USE_GCRYPT is the default
64 #include "keyDerivation.h"
69 AuthAlgo() : dir_(KD_INBOUND) {};
70 AuthAlgo(kd_dir_t d) : dir_(d) {};
71 virtual ~AuthAlgo() {};
75 * @param packet the packet to be authenticated
77 virtual void generate(KeyDerivation& kd, EncryptedPacket& packet) = 0;
81 * @param packet the packet to be authenticated
83 virtual bool checkTag(KeyDerivation& kd, EncryptedPacket& packet) = 0;
89 //****** NullAuthAlgo ******
91 class NullAuthAlgo : public AuthAlgo
94 void generate(KeyDerivation& kd, EncryptedPacket& packet);
95 bool checkTag(KeyDerivation& kd, EncryptedPacket& packet);
97 static const uint32_t DIGEST_LENGTH = 0;
101 //****** Sha1AuthAlgo ******
102 //* HMAC SHA1 Auth Tag Generator Class
104 class Sha1AuthAlgo : public AuthAlgo
107 Sha1AuthAlgo(kd_dir_t d);
110 void generate(KeyDerivation& kd, EncryptedPacket& packet);
111 bool checkTag(KeyDerivation& kd, EncryptedPacket& packet);
113 static const uint32_t DIGEST_LENGTH = 20;
116 #if defined(USE_SSL_CRYPTO)
118 #elif defined(USE_NETTLE)
119 struct hmac_sha1_ctx ctx_;
120 #else // USE_GCRYPT is the default
121 gcry_md_hd_t handle_;